How to decrypt utage image

[haniwa55]

I understood how to decrypt utage image. The decrypt method is very simple with XOR. Utage crypt key extracts and analyzes PNG image from memory dump. GARbro can not browse the Utage image yet. So I made a simple sample program. https://github.com/haniwa55/UtageDecryptSample/blob/master/UtageDecryptSample.cs Please have a look. I will delete the sample program after you look.

[morkt]

this routine could be obtained by just looking at Assembly-CSharp.dll with ILSpy. it resides in Utage.Crypt.DecryptXor method:

public static void DecryptXor(byte[] key, byte[] buffer, int offset, int count)
{
    if (key != null && key.Length > 0)
    {
        int num = key.Length;
        for (int i = offset; i < offset + count; i++)
        {
            byte b = key[i % num];
            if (buffer[i] != 0 && buffer[i] != b)
            {
                buffer[i] ^= b;
            }
        }
    }
}

by following references (Analyze -> Used by in ILSpy) you could easily find a key, it's stored in Utage.FileIOManager.cryptKey.

[haniwa55]

I'm sorry. I had not confirmed that source program of GARbro. I tried ILSpy. However Retarnia.exe could not be decompiled. "// C:\The Spirit Master of Retarnia\Retarnia.exe" "// This file does not contain a managed assembly." I understood I can decompiled the dll with your replay. So I had a hard time extracting PNG images from WinHex's memory dump. I have a question. How can I write a C# program on issues? When I wrote the C # program the other day, all space was deleted and written in left justified.

[haniwa55]

I understood that I can write C # program after ”```”.

    public void Hello()
    {
        Console.WriteLine("Hello C# world.");
    }

Please teach your analytical techniques to me again. Thank you very much for your answer despite being so busy.

[MXS2514]

https://vndb.org/r44419 A small issue since there already a related post so maybe not open new issue: v1.5.35.2260 with latest format lib, worked with png.utage but not jpg.utage The most ev pic of the game are encrypted as jpg.utage I've confirmed the encrypt scheme is same as png.utage(for most case), so maybe garbro needs a little update.

[haniwa55]

I investigated "jpg.utage" in that game. As a result, the encryption method and encryption key were the same as "png.utage". However, "jpg.utage" can not be browsed with the latest GARbro. I think the reason is that GARbro just does not know the existence of "jpg.utage". This "How to decrypt utage image #150" issue is already closed. So, I think Mr.morkt is not aware of your issue. If you need to browse "jpg.utage" by GARbro I think that you should open a new issue. As a result, Mr.morkt will solve your new issue easily.

[haniwa55]

I'm sorry. If I reopen this issue Mr.morkt can know the problem of "jpg.utage".

[haniwa55]

Thank you very much for the update soon. Огромное спасибо!